A button click fires facebookLogin() which logs in a facebook user, getting a facebook session that includes an access token, which I JSON serialize and post to the server. The server then saves this access token to the database table FacebookDeliveryQueue.

I have a Windows service running that periodically queries the FacebookDeliveryQueue table and attempts to post on a user's wall using the access token we saved earlier:

My problem is, this ONLY works with access tokens from the user that created the facebook application. E.g.

Success:
I, the creator of this application, log in and pick one of my friends to send a message to, this info is saved to the database, the service runs, my message is posted to my friend's wall.

Failure:
I log in on my dummy test account (approving the app permissions on this account), pick one of my dummy test account's friend, this info is saved to the database, the service runs and throws an invalid access token error.

I'm not shure, but possibly, you're using code available only for developement-enabled account. Try your code with a different "developer" account and see if it works
–
ArtoAleOct 10 '11 at 21:36

Is that a thing? What's the difference between a "developer" account and a normal facebook account? This app is associated with my normal facebook account.
–
Daniel CoffmanOct 10 '11 at 22:56

I've now verified my test account and added it as an administrator for this app and the delivery still fails with the same "Invalid access token signature" exception. Access tokens from my other "real" account (with which I created this app) can still post to any friend's wall.
–
Daniel CoffmanOct 10 '11 at 23:34

2 Answers
2

The persistence to the database was silently trimming the access token to 75 characters, which in the case of my own user, was enough (small user id because it's an old account) -- but five characters too short in the case of my test account which has a very large user id.

Looks like you're using facebook's old login methods, which they recently just turned off, so your old access tokens aren't valid anymore? And your javascript isn't generating the right kind of token. Read the latest version of the FB.login documentation for more info on what changes you need to make. Specifically,

pass oauth: true to the FB.init call

check for response.authResponse instead of response.session now.

Also, check that your app isn't in "sandbox mode". Go to the app settings page and click on "advanced". Sandbox mode makes it so that only developers can use the app.

Good catch on the old FB.login -- I was out on vacation for the last three weeks and missed that entirely. Curiously enough the old way still works just fine, but I'll migrate and see if that helps. Sandbox mode is disabled.
–
Daniel CoffmanOct 10 '11 at 22:55

What did you mean by "your javascript isn't generating the right kind of token"? The tokens I get in the authResponse object with Oauth enabled are identical to the tokens I was getting from the session object with it disabled. Is there another kind of access token?
–
Daniel CoffmanOct 11 '11 at 15:18

I thought Facebook had said that the new method was generating different kinds of access tokens and that the old ones wouldn't be accepted anymore, but I never tested so I may have been wrong.
–
Mike RuhlinOct 12 '11 at 13:52